Craton HSM is a memory-safe, post-quantum-ready PKCS#11 software HSM in Rust — a modern replacement for the unmaintained SoftHSMv2.

We scanned 900+ MCP configurations on GitHub. 75% failed basic security checks.

On March 24, 2026, threat actor known as TeamPCP published backdoored versions of the litellm Python package after stealing PyPI credentials via a compromised Trivy GitHub Action in LiteLLM's CI/CD pipeline. Here's what happened, how the three-stage malware…

[toc] IntroductionIs AI an evolution or a revolution? Or both? Those are interesting questions. Speaking of AI - even ChatGPT and Grok agree: A debugger is the one of the most (if not the most) important tool for exploit developers, malware analysts, and…

Governments around the world are introducing age-verification and youth social-media laws, but these policies may be doing far more than protecting children. They are quietly pushing identity into operating systems, app stores, and the core infrastructure…

Posted by More_Implement1639 - 4 votes and 2 comments

CVE-2026-28373 describes a path traversal vulnerability in the Stackfield desktop app affecting all versions up to 1.10.1 on Windows and macOS. During the …

EspoCRM v9.3.3: formula engine ACL bypass + unsanitized attachment path = arbitrary file read, arbitrary file write, and RCE as www-data. CVE-2026-33656.

HackerOne slams Navia Benefit Solutions after a BOLA vulnerability exposed the SSNs and data of 287 employees. Read the full report

The Application User Model ID (AUMID) is a unique identifier that Windows assigns to modern applications. It enables Windows to identify which applications should receive notifications, how start m…

Analyse technique d’un pentest d’application web 100 % vibe codée : découverte de vulnérabilités LFI, IDOR, dépendances vulnérables et risques sécurité liés au code généré par IA.

A missing authentication check in TP-Link’s Archer NX series allows unprivileged attackers to upload firmware. The update lands as the company defends a Texas lawsuit alleging deceptive security claims.

An in-depth investigative report on the March 2026 LiteLLM supply chain attack. Discover how the Trivy GitHub Actions hack led to a massive PyPI compromise

On March 20th, 2026, the FCC banned the purchase, import and sale of foreign-made routers, citing supply-chain and security concerns. The FCC fails to account for weak credentials and firmware vulnerabilities, which serve as the initial access vectors for…

Análise técnica de infostealer encontrado nas versões 1.82.7 e 1.82.8 do pacote LiteLLM

Your AI assistant just received a WhatsApp message. It ran a shell command. Then it wrote new code and executed...

Magento remains one of the most popular e-commerce solutions in use on the internet, estimated to be running on more than 130,000 websites. It is also offered as an enterprise offering by Adobe under the name Adobe Commerce, which receives automatic patching.…

NTLM-Relaying is a common attack vector in internal networks. In this blog post, we will show that even in 2026, there are still many scenarios where NTLM-Relaying can be successfully performed, and we will provide some insights into how to mitigate these…